From da115b1a498fea4354cfe566466ee659e916295e Mon Sep 17 00:00:00 2001
From: neil <neil@neils-MacBook-Pro.local>
Date: Mon, 2 Jan 2023 13:11:43 +0800
Subject: [PATCH] #114 * add proper code signing to .app and .dmg files in mac
 * cleanup rm unused pipeline code

---
 .github/workflows/ci.yml      | 14 ++++++++
 .github/workflows/m1.yml      | 61 -----------------------------------
 .github/workflows/main.yml    | 15 ++++++++-
 .github/workflows/release.yml | 14 ++++++++
 4 files changed, 42 insertions(+), 62 deletions(-)
 delete mode 100644 .github/workflows/m1.yml

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 2a5e34e..9c2d91c 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -185,6 +185,20 @@ jobs:
     - name: test build tauri
       run: pnpm --filter gui tauri build
 
+    - uses: apple-actions/import-codesign-certs@d54750db52a4d3eaed0fc107a8bab3958f3f7494
+      if: matrix.platform.name == 'darwin+x86-64' || matrix.platform.name == 'darwin+aarch64'
+      with:
+        p12-file-base64: ${{ secrets.APPLE_CERTIFICATE_P12 }}
+        p12-password: ${{ secrets.APPLE_CERTIFICATE_P12_PASSWORD }}
+
+    - name: Codesign package
+      if: matrix.platform.name == 'darwin+x86-64' || matrix.platform.name == 'darwin+aarch64'
+      env:
+        APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }}
+      run: |
+        codesign -s $APPLE_SIGNING_IDENTITY -v --force --deep --timestamp --preserve-metadata=entitlements -o runtime ./modules/gui/src-tauri/target/release/bundle/macos/tea.app || true
+        codesign -s $APPLE_SIGNING_IDENTITY -v --force --deep --timestamp --preserve-metadata=entitlements -o runtime ./modules/gui/src-tauri/target/release/bundle/dmg/tea_0.1.0_aarch64.dmg || true
+
     - uses: aws-actions/configure-aws-credentials@v1
       with:
         aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
diff --git a/.github/workflows/m1.yml b/.github/workflows/m1.yml
deleted file mode 100644
index 02bbd3b..0000000
--- a/.github/workflows/m1.yml
+++ /dev/null
@@ -1,61 +0,0 @@
-name: "deploy"
-
-on:
-  push:
-    branches:
-      - m1-test
-
-
-jobs:
-  build_tauri:
-    timeout-minutes: 6
-    runs-on: ${{ matrix.platform.os }}
-    strategy:
-      matrix:
-        platform:
-          # - os: macos-11
-          #   name: darwin+x86-64
-          # - os: ubuntu-latest
-          #   name: linux+x86-64
-          - os: [self-hosted, macOS, ARM64]
-            name: darwin+aarch64
-          # - os: [self-hosted, linux, ARM64]
-          #   name: linux+aarch64
-    container: ${{ matrix.platform.container }}
-    steps:
-    - uses: actions/checkout@v2
-
-    - name: setup node
-      uses: actions/setup-node@v2
-      with:
-        node-version: 16
-    - name: install Rust stable
-      uses: actions-rs/toolchain@v1
-      with:
-        toolchain: stable
-    - uses: pnpm/action-setup@v2
-      with:
-        version: 7.18.2
-        run_install: true
-  
-    # - uses: apple-actions/import-codesign-certs@d54750db52a4d3eaed0fc107a8bab3958f3f7494
-    #   with:
-    #     p12-file-base64: ${{ secrets.APPLE_CERTIFICATE_P12 }}
-    #     p12-password: ${{ secrets.APPLE_CERTIFICATE_P12_PASSWORD }}
-    - run: pnpm build:gui
-
-    - name: Codesign package
-      run: |
-        codesign -s "Developer ID Application: Tea Inc. (7WV56FL599)" -v --force --deep --timestamp --preserve-metadata=entitlements -o runtime ./modules/gui/src-tauri/target/release/bundle/macos/tea.app || true
-        codesign -s "Developer ID Application: Tea Inc. (7WV56FL599)" -v --force --deep --timestamp --preserve-metadata=entitlements -o runtime ./modules/gui/src-tauri/target/release/bundle/dmg/tea_0.1.0_aarch64.dmg || true
-
-    - name: cp package images from prod to preview bucket
-      run: |
-        aws s3 cp ./modules/gui/src-tauri/target/release/bundle/dmg/tea_0.1.0_aarch64.dmg "s3://preview.gui.tea.xyz/release/tea.dmg"
-    # - name: zip app
-    #   run: |
-    #     cd ./modules/gui/src-tauri/target/release/bundle/macos/ && zip -r tea.zip tea.app
-
-    # - name: cp package images from prod to preview bucket
-    #   run: |
-    #     aws s3 cp ./modules/gui/src-tauri/target/release/bundle/macos/tea.zip "s3://preview.gui.tea.xyz/release/tea.zip"
\ No newline at end of file
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 7bae9cb..ff56160 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -137,7 +137,20 @@ jobs:
         [[ $platform = "linux+x86-64" ]] && EXTENSION="deb"
         echo "build_platform=$BUILD_PLATFORM" >> $GITHUB_OUTPUT
         echo "extension=$EXTENSION" >> $GITHUB_OUTPUT
-  
+
+    - uses: apple-actions/import-codesign-certs@d54750db52a4d3eaed0fc107a8bab3958f3f7494
+      if: matrix.platform.name == 'darwin+x86-64' || matrix.platform.name == 'darwin+aarch64'
+      with:
+        p12-file-base64: ${{ secrets.APPLE_CERTIFICATE_P12 }}
+        p12-password: ${{ secrets.APPLE_CERTIFICATE_P12_PASSWORD }}
+    - name: Codesign package
+      if: matrix.platform.name == 'darwin+x86-64' || matrix.platform.name == 'darwin+aarch64'
+      env:
+        APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }}
+      run: |
+        codesign -s $APPLE_SIGNING_IDENTITY -v --force --deep --timestamp --preserve-metadata=entitlements -o runtime ./modules/gui/src-tauri/target/release/bundle/macos/tea.app || true
+        codesign -s $APPLE_SIGNING_IDENTITY -v --force --deep --timestamp --preserve-metadata=entitlements -o runtime ./modules/gui/src-tauri/target/release/bundle/dmg/tea_0.1.0_aarch64.dmg || true
+
     - name:  cp package images from prod to gui bucket
       env:
         platform: ${{ steps.build_platform.outputs.build_platform }}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index e61e619..086c992 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -73,6 +73,20 @@ jobs:
     - name: test build tauri
       run: pnpm --filter gui tauri build
 
+    - uses: apple-actions/import-codesign-certs@d54750db52a4d3eaed0fc107a8bab3958f3f7494
+      if: matrix.platform.name == 'darwin+x86-64' || matrix.platform.name == 'darwin+aarch64'
+      with:
+        p12-file-base64: ${{ secrets.APPLE_CERTIFICATE_P12 }}
+        p12-password: ${{ secrets.APPLE_CERTIFICATE_P12_PASSWORD }}
+
+    - name: Codesign package
+      if: matrix.platform.name == 'darwin+x86-64' || matrix.platform.name == 'darwin+aarch64'
+      env:
+        APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }}
+      run: |
+        codesign -s $APPLE_SIGNING_IDENTITY -v --force --deep --timestamp --preserve-metadata=entitlements -o runtime ./modules/gui/src-tauri/target/release/bundle/macos/tea.app || true
+        codesign -s $APPLE_SIGNING_IDENTITY -v --force --deep --timestamp --preserve-metadata=entitlements -o runtime ./modules/gui/src-tauri/target/release/bundle/dmg/tea_0.1.0_aarch64.dmg || true
+
     - name: Get current unix ts - seconds
       id: date
       run: echo "unix_seconds=$(date +'%s')" >> $GITHUB_OUTPUT